ICS security certification – 6 weeks out and the SCADA material is overwhelming

jordan_k (OP)
May 24, 2026

I'm sitting for the Industrial Control Systems Security Certification in about 6 weeks and starting to panic a little. I come from a traditional IT security background (10 years, CISSP since 2019) but the OT side is a completely different world. The Purdue Model and network segmentation concepts make sense, but the specific protocol stuff – Modbus, DNP3, IEC 61850 – is where I'm losing time.

I've been doing about 90 minutes of study per day across the SANS ICS curriculum and some Dragos vendor material. My practice exam scores are hovering around 68-72% and I need 75% to pass. The gap is mostly in incident response and forensics specific to OT environments.

Has anyone made the jump from pure IT security to ICS certification? I'm wondering if there are hands-on labs or simulators that help you internalize OT concepts rather than just memorize them. The theoretical stuff I can read, but the “why does this matter in a plant environment” context isn't clicking yet.

chloe_g
May 24, 2026

I came from a similar background, CISM certified, zero OT experience. Took me 9 weeks of study, roughly 2 hours a day, and passed at 79%. The physical consequences section – what happens when a PLC gets compromised versus a regular server – is something you want to be really solid on.

sophie_m
May 24, 2026

Modbus and DNP3 questions on the exam are mostly about their lack of authentication, not the protocol internals. They're testing whether you know the security implications, not whether you can decode packets. That reframe saved me probably 15 hours of study time.

priya_s
May 25, 2026

Idaho National Lab has free ICS security resources that are legitimately good. The CISA ICS-CERT advisories are also worth reading – the exam tests real-world scenarios and those advisories read like case studies.

nico_b
May 27, 2026

The SANS FOR578 labs were what made OT click for me. The key mental shift is that availability trumps confidentiality in OT – once that's your default assumption, the incident response questions get a lot easier.
